Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
osvGoogleOSV:DSA-662-1
HistoryMar 14, 2005 - 12:00 a.m.

squirrelmail - several

2005-03-1400:00:00
Google
osv.dev
17

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.031 Low

EPSS

Percentile

89.7%

JSON

Andrew Archibald discovered that the last update to squirrelmail which
was intended to fix several problems caused a regression which got
exposed when the user hits a session timeout.  For completeness below
is the original advisory text:

>
> Several vulnerabilities have been discovered in Squirrelmail, a
> commonly used webmail system. The Common Vulnerabilities and
> Exposures project identifies the following problems:
>
>
> * CAN-2005-0104
> Upstream developers noticed that an unsanitised variable could
> lead to cross site scripting.
>
> * CAN-2005-0152
> Grant Hollingworth discovered that under certain circumstances URL
> manipulation could lead to the execution of arbitrary code with
> the privileges of www-data. This problem only exists in version
> 1.2.6 of Squirrelmail.
>
>
>

For the stable distribution (woody) these problems have been fixed in
version 1.2.6-3.

For the unstable distribution (sid) the problem that affects unstable
has been fixed in version 1.4.4-1.

We recommend that you upgrade your squirrelmail package.

Related

debian 4
openvas 9
nessus 8
ubuntucve 2
cert 1
cve 2
securityvulns 1
gentoo 1
redhat 2
freebsd 1
debian
debian
[SECURITY] [DSA 662-2] New squirrelmail package fixes regression
2005-03-14 14:24:00
[SECURITY] [DSA 662-1] New squirrelmail package fixes several vulnerabilities
2005-02-01 14:44:23
[SECURITY] [DSA 662-2] New squirrelmail package fixes regression
2005-03-14 14:24:00
openvas
openvas
Debian Security Advisory DSA 662-1 (squirrelmail)
2008-01-17 00:00:00
Debian Security Advisory DSA 662-1 (squirrelmail)
2008-01-17 00:00:00
Debian Security Advisory DSA 662-2 (squirrelmail)
2008-01-17 00:00:00
nessus
nessus
Debian DSA-662-2 : squirrelmail - several vulnerabilities
2005-02-02 00:00:00
Fedora Core 3 : squirrelmail-1.4.4-1.FC3 (2005-260)
2005-09-12 00:00:00
Fedora Core 2 : squirrelmail-1.4.4-1.FC2 (2005-259)
2005-05-19 00:00:00
ubuntucve
ubuntucve
CVE-2005-0104
2005-01-29 00:00:00
CVE-2005-0152
2005-02-02 00:00:00
cert
cert
SquirrelMail may allow execution of arbitrary code
2005-02-09 00:00:00
cve
cve
CVE-2005-0152
2005-02-02 05:00:00
CVE-2005-0104
2005-01-29 05:00:00
securityvulns
securityvulns
SquirrelMail Security Advisory
2005-01-30 00:00:00
gentoo
gentoo
SquirrelMail: Multiple vulnerabilities
2005-01-28 00:00:00
redhat
redhat
(RHSA-2005:099) squirrelmail security update
2005-02-15 00:00:00
(RHSA-2005:135) squirrelmail security update
2005-02-10 00:00:00
freebsd
freebsd
squirrelmail -- XSS and remote code injection vulnerabilities
2005-01-29 00:00:00

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.031 Low

EPSS

Percentile

89.7%

JSON
Related for OSV:DSA-662-1
debian4openvas9nessus8ubuntucve2cert1cve2securityvulns1gentoo1redhat2freebsd1